I need to allow HTML5 tags and attributes. I need to allow iframes from trusted sources for embedding video, audio and 3D-models.

There’s pretty good HTMLPurifier extension for HTML5 at GitHub. There’re many examples for allowing iframes, just a basic example here

But how to extend/inject Omeka’s definitions? It’s not enough to add allowed HTML elements and attributes under Settings > Security, it requires custom code.
I cannot override the definitions on-fly, because Omeka_Controller_Plugin_HtmlPurifier has built-in methods that run first and then fires hook, that doesn’t support priority argument unlike filter.

I found 2 possible ways, but both will touch the core…Omeka_Filter_HtmlPurifier could add filter inside createHtmlPurifier() method:

UPDATE: There’s another catch that makes it harder to implement. As soon as I read/get config or definitions, the HTMLPurifier_Config object gets automatically finalized, so it’s impossible to write/set any new values to it. Only the first plugin would be allowed to do something. The only way would be calling HTMLPurifier_Config::inherit($currentConfig) to get fresh copy to work on…

As between those two I think it definitely makes more sense to have any new extension points in Omeka_Filter_HtmlPurifier, as the lower-level component.

The part about the config getting finalized… is that right? We just create it and arbitrarily set stuff on it and I’m not aware of it being an issue, until of course it’s actually used with HTMLPurifier::instance.

I’m on mobile so it’s tough to post link to actual code, but it’s easy to reproduce it if you call $purifierConfig->get('HTML.AllowedElements'); right before calling $purifierConfig->set('HTML.AllowedElements', $allowedHtmlElements); in Omeka_Filter_HtmlPurifier. Anyway, thanks for feedback, I will prepare pull request for this